1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
From: Werner Koch <wk@gnupg.org>
Date: Tue, 22 Jan 2019 10:06:15 +0100
Subject: gpg: Stop early when trying to create a primary Elgamal key.
* g10/misc.c (openpgp_pk_test_algo2): Add extra check.
--
The problem is that --key-gen --batch with a parameter file didn't
detect that Elgamal is not capable of signing and so an error was only
triggered at the time the self-signature was created. See the code
comment for details.
GnuPG-bug-id: 4329
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f97dc55ff1b041071bc3cbe98aa761bf77bb7ac8)
(cherry picked from commit f5d3b982e44c5cfc60e9936020102a598b635187)
---
g10/misc.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/g10/misc.c b/g10/misc.c
index 86baff9..d9ebf48 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -644,6 +644,13 @@ openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use)
if (!ga)
return gpg_error (GPG_ERR_PUBKEY_ALGO);
+ /* Elgamal in OpenPGP used to support signing and Libgcrypt still
+ * does. However, we removed the signing capability from gpg ages
+ * ago. This function should reflect this so that errors are thrown
+ * early and not only when we try to sign using Elgamal. */
+ if (ga == GCRY_PK_ELG && (use & (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG)))
+ return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
+
/* Now check whether Libgcrypt has support for the algorithm. */
return gcry_pk_algo_info (ga, GCRYCTL_TEST_ALGO, NULL, &use_buf);
}
|
